Trusted Design

InstantAccess Malware

概要

InstantAccess Malware hitting my net. Classified as a Trojan but having trouble determining how the queries are being started. Possible malicious redirect from another website. Reference is based off a hash, but I do not see that hash on my net. A few IP Addresses, mostly hosted by confluence-networks.com. I searched the IPs for associated domains and it all seems to be garbage spam/parked domains. The signatures to look for in the URL would include: /sk-logabpstatus.php?a= /sk-logabpstatus.php?b= List of domains are posted on the pastebin reference, and images are posted on my twitter. I searched these IPs on my net and the logs all show junk traffic. VirusTotal reference is for a new file only 4-5 days ago.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Malware issuing domains (score: 0.66)
Hosts Dropping exploit kit via double encoded javascript (score: 0.64)
Malware hosted on Facebook CDN (score: 0.63)
Tinba alias Tiny Banker Indicators (score: 0.62)
Suspicious IP addresses (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 7.82

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1144 - Gatekeeper Bypass

MITREへのリンク →

Mustang Panda

Score: 8.11

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1055.005 - Thread Local Storage

MITREへのリンク →

Sandworm Team

Score: 3.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Silent Librarian

Score: 3.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

ZIRCONIUM

Score: 3.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

APT32

Score: 8.49

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1668 - Exclusive Control

MITREへのリンク →

Kimsuky

Score: 12.84

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1668 - Exclusive Control
T1665 - Hide Infrastructure
T1053.002 - At

MITREへのリンク →

Magic Hound

Score: 9.03

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1053.002 - At

MITREへのリンク →

APT28

Score: 22.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1146 - Clear Command History
T1668 - Exclusive Control
T1564.004 - NTFS File Attributes
T1546.007 - Netsh Helper DLL

MITREへのリンク →

Star Blizzard

Score: 3.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Moonstone Sleet

Score: 3.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

CURIUM

Score: 5.74

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 5.74

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 7.06

Matched TTPs:

T1566.002 - Spearphishing Link
T1059.012 - Hypervisor CLI
T1665 - Hide Infrastructure

MITREへのリンク →

Contagious Interview

Score: 9.90

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1562.010 - Downgrade Attack
T1221 - Template Injection

MITREへのリンク →

APT1

Score: 7.55

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1668 - Exclusive Control
T1053.002 - At

MITREへのリンク →

Leviathan

Score: 6.43

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1546.017 - Udev Rules

MITREへのリンク →

Earth Lusca

Score: 3.28

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA2541

Score: 4.67

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1546.017 - Udev Rules

MITREへのリンク →

Transparent Tribe

Score: 6.57

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1053.002 - At

MITREへのリンク →

Threat Group-3390

Score: 6.43

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1546.017 - Udev Rules

MITREへのリンク →

Lazarus Group

Score: 13.18

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1569.002 - Service Execution

MITREへのリンク →

APT38

Score: 3.28

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI

MITREへのリンク →

Gamaredon Group

Score: 8.51

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1562.010 - Downgrade Attack
T1546.017 - Udev Rules

MITREへのリンク →

Winter Vivern

Score: 3.28

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI

MITREへのリンク →

TeamTNT

Score: 8.89

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1137.003 - Outlook Forms
T1665 - Hide Infrastructure

MITREへのリンク →

Aquatic Panda

Score: 6.59

Matched TTPs:

T1144 - Gatekeeper Bypass
T1668 - Exclusive Control

MITREへのリンク →

FIN13

Score: 9.52

Matched TTPs:

T1144 - Gatekeeper Bypass
T1668 - Exclusive Control
T1569.002 - Service Execution

MITREへのリンク →

LAPSUS$

Score: 4.54

Matched TTPs:

T1020 - Automated Exfiltration

MITREへのリンク →

BlackByte

Score: 3.84

Matched TTPs:

T1562.010 - Downgrade Attack

MITREへのリンク →

APT37

Score: 5.90

Matched TTPs:

T1078 - Valid Accounts
T1059.012 - Hypervisor CLI

MITREへのリンク →

Windshift

Score: 5.90

Matched TTPs:

T1078 - Valid Accounts
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT29

Score: 4.54

Matched TTPs:

T1218.009 - Regsvcs/Regasm

MITREへのリンク →

Turla

Score: 4.69

Matched TTPs:

T1059.012 - Hypervisor CLI
T1569.002 - Service Execution

MITREへのリンク →

Mustard Tempest

Score: 9.59

Matched TTPs:

T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service
T1053.002 - At

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1130 - Install Root Certificate
T1569.002 - Service Execution

MITREへのリンク →

Chimera

Score: 5.58

Matched TTPs:

T1668 - Exclusive Control
T1665 - Hide Infrastructure

MITREへのリンク →

Volt Typhoon

Score: 5.76

Matched TTPs:

T1665 - Hide Infrastructure
T1569.002 - Service Execution

MITREへのリンク →

Higaisa

Score: 8.91

Matched TTPs:

T1665 - Hide Infrastructure
T1569.002 - Service Execution
T1546.017 - Udev Rules

MITREへのリンク →

SideCopy

Score: 3.29

Matched TTPs:

T1053.002 - At

MITREへのリンク →

Molerats

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

Medusa Group

Score: 4.54

Matched TTPs:

T1094 - Custom Command and Control Protocol

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.80

Matched TTPs:

T1668 - Exclusive Control
T1566.002 - Spearphishing Link
T1564.004 - NTFS File Attributes
T1059.012 - Hypervisor CLI
T1098.007 - Additional Local or Domain Groups
T1546.007 - Netsh Helper DLL
T1146 - Clear Command History

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る